Bad Key Alert!

#!/usr/bin/perl ############################# LEGAL NOTICE ############################### ############ Copyright © Patrick Tan of www.clickitpro.com ############### # This script contains the proprietary source code of Patrick Tan. # # Permission is hereby granted to you solely for the use of this source # # code on your specified Web site in its unaltered state. You are not # # allowed to resell this script or modify its source codes. These actions# # violate international copyright and trade secret laws, and will be # # prosecuted to the fullest extent permitted by law, unless permission # # is sought from Patrick Tan. # # # # The use of this script is strictly on your own discretion, without any # # express or implied warranties. In no event shall www.clickitpro.com, # # Patrick Tan or contributors to this script be held liable for any # # direct, indirect, incidental or consequential damages (including, but # # not limited to, procurement of substitute goods or services; loss of # # use, profits or data; or business interruption) arising in any way out # # of the use of this script based on any theory of liability, whether in # # the law of contract, strict liability, tort, negligence or otherwise. # ########################################################################## #### Set Date & Variables #### $cgiurl = "http://www.xprodbase.com/adtracker"; $homepage = "http://www.xprodbase.com/"; $user = "chazzuser"; $secure = "dontpanic"; ($Second, $Minute, $Hour, $DayOfMonth, $Month, $Year, $WeekDay, $DayOfYear, $IsDST) = gmtime(time); $RealMonth = $Month + 1; $RealYear = $Year + 1900; $RY = substr($RealYear, 2, 2); $date = sprintf("%02d/%02d/%02d", $DayOfMonth, $RealMonth, $RY); @DAT=(); if ($ENV{"REQUEST_METHOD"} eq 'GET') { $input = $ENV{"QUERY_STRING"}; @DAT = split(/&/, $input); $ND=@DAT; if ($ND == '3') { ($apname, $adid, $code) = @DAT; if ($code eq $secure) { if ($adid eq 'report') { $note=0; $mesg=0; $id=$apname.'&'.'Campaign_ID'; &report; } elsif ($apname eq 'adlist') { &list_ads; } else { &intruder_alert; } } else { &intruder_alert; } } elsif ($ND == '2') { ($apname, $adid) = @DAT; $id = $apname.':'.$adid; &add_hit; } elsif ($ND == '1') { if ($input eq 'login') { $note='0'; &login; } else { print "Location: $homepage\n\n"; } } else { print "Location: $homepage\n\n"; } } else { read(STDIN, $buffer, $ENV{'CONTENT_LENGTH'}); @pairs = (); @pairs = split(/&/, $buffer); foreach $pair (@pairs) { ($name, $value) = split(/=/, $pair); # Un-Webify plus signs and %-encoding $value =~ s/\+/ /g; $value =~ s/%([a-fA-F0-9][a-fA-F0-9])/pack("C", hex($1))/eg; $value =~ s/#exec cmd/COMMAND NOT ALLOWED/gi; $value =~ s/\//g; $value =~ s/<([^>]|\n)*>//g; $FORM{$name} = $value; } $task = $FORM{'task'}; $code = $FORM{'code'}; if ($code eq $secure) { if ($task eq 'Initiate') { $adcode = $FORM{'adcode'}; $apname = $FORM{'apname'}; if ($adcode ne '') { $id = $apname.':'.$adcode; dbmopen(%AD, "MFAtrack", 0600); $AD{$id} = join("\t", ($date, $FORM{'url'}, 0)); dbmclose(%AD); $note="Ad campaign $adcode initiated successfully!"; $mesg=0; $id =~ s/:/&/g; } else { $note=0; $mesg=0; $id=$apname.'&'.'Campaign_ID'; } &report; } elsif ($task eq 'Delete') { $apname = $FORM{'apname'}; $del = $apname.':'.$FORM{'del'}; dbmopen(%AD, "MFAtrack", 0600); delete($AD{$del}); dbmclose(%AD); $id=$apname.'&'.'Campaign_ID'; $mesg="Ad campaign $FORM{'del'} removed successfully!"; $note=0; &report; } elsif ($task eq 'Create Ad') { $ad=$FORM{'adname'}; $ad =~ s/ //g; dbmopen(%AP, "CIPAds", 0600); $AP{$ad} = join("\t", ($date, $FORM{'product'}, $FORM{'url'}, $FORM{'adcopy'})); dbmclose(%AP); &list_ads; } else { &intruder_alert; } } else { if ($task eq 'Login') { if ($FORM{'uid'} eq $user && $FORM{'pass'} eq $secure) { &list_ads } else { $note='Incorrect username or password!'; &login; } } else { &intruder_alert; } } } #### Login Page #### sub add_hit { dbmopen(%AD, "MFAtrack", 0600); if ($AD{$id}) { $rec = $AD{$id}; ($day, $src, $hit) = split(/\t/, $rec); $hit=$hit+1; $AD{$id} = join("\t", ($day, $src, $hit)); &redirect_url; } else { print "Location: $homepage\n\n"; } dbmclose(%AD); } sub login { &header; print "\n"; print "\n"; &footer; } #### List Ads #### sub list_ads { &header; print "\n"; print "

\n"; print " \n"; print " \n"; print "

\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "

USER LOGIN

\n"; if ($note ne '0') { print " \n"; } print " \n"; print " \n"; print "

$note
Username:
Password:

\n"; print "\n"; &footer; } #### Redirect URK #### sub redirect_url { dbmopen(%AP, "CIPAds", 0600); $rec = $AP{$apname}; ($day, $product, $goto, $adcopy) = split(/\t/, $rec); dbmclose(%AP); print "Location: $goto\n\n"; } #### Intruder_alert #### sub intruder_alert { print "Content-type: text/html\n"; print "\n"; print "\n"; print "\n"; print "Bad Key Alert!\n"; print "\n"; print "

\n"; print "

\n"; print " \n"; print " \n"; print "

\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "

CREATE NEW AD:

\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print "

Ad Name:
Product:
Location:
Ad Copy:

EXISTING ADS:

\n"; print " \n"; dbmopen(%AP, "CIPAds", 0600); foreach $adname (sort(keys(%AP))) { $rec = $AP{$adname}; ($day, $product, $goto, $adcopy) = split(/\t/, $rec); print " \n"; } dbmclose(%AP); print "

Date	Ad Name	Product	Redirect URL
$day	$adname	$product	$goto

\n"; print "\n"; print "\n"; print " \n"; print "\n"; print "


	THE SYSTEM IS UNABLE TO DECIPHER YOUR KEY ACTION! If you are a legitimate user, it could be caused by runtime data error in the database. Please notify the Webmaster of this error. Clicking the Enter key on your keyboard when you are entering data into a form or executing a function may also lead to bad key errors. Please use the relevant button provided on the Web page to carry out these tasks.
BAD KEY ACTION!

\n"; } #### Generate Report #### sub header { print "Content-type: text/html\n"; print "\n"; print "\n"; print "\n"; print "Ad Tracking Script\n"; print "\n"; print "\n"; print "\n"; print "\n"; print "\n\n"; print "

\n"; print "\n"; print "

\n\n"; print "\n"; print "\n"; } sub report { &header; print "\n"; print "\n"; print "\n"; &footer; } exit;

\n"; print " \n"; print " \n"; print "

\n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; $nad=0; dbmopen(%AD, "MFAtrack", 0600); foreach $key (sort(keys(%AD))) { if ($key ne '' && $key =~ /$apname/) { $nad=$nad+1; } } if ($nad > '0') { print " \n"; if ($mesg ne '0') { print " \n"; } print " \n"; } print " \n"; print " \n"; print " \n"; print "

INITIATE AD CAMPAIGN

\n"; print " \n"; dbmopen(%AP, "CIPAds", 0600); $rec = $AP{$apname}; ($day, $product, $goto, $adcopy) = split(/\t/, $rec); dbmclose(%AP); print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; print " \n"; if ($note ne '0') { print " \n"; } print " \n"; print " \n"; print "

You can use this tracking script to track the responses to the following ad. Just remember to insert the following tracking link to your ad. Please replace the Campaign_ID with the corresponding Campaign ID.

Product:		$product

Redirect URL:		$goto

Ad Copy:		$adcopy

Tracking Link:		$cgiurl/track.pl?$id

$note
Campaign ID:
Referral URL:

REMOVE AD CAMPAIGN

$mesg

Remove Campaign:

AD RESPONSE REPORT

\n"; print " \n"; foreach $key (sort(keys(%AD))) { if ($key =~ /$apname/) { ($apname, $adkey) = split(/:/, $key); $rec = $AD{$key}; ($day, $desc, $hit) = split(/\t/, $rec); print " \n"; } } dbmclose(%AD); print "

ID	Date	Referral URL	Hits
$adkey	$day	$desc	$hit